Licensure and Registration: Software Engineering PE Examination

Licensure and Registration: Software Engineering PE Examination Phil Laplante, CSDP, PE, PhD Professor of Software Engineering Penn State Chair, Software PE Exam Development Committee

A scenario Hot pizza vending machine explodes due to a software error two persons are badly burned Original code written in basement by entrepreneur with no education in software engineering Prototype and code acquired by Big Al s Pizza Vending, Inc. Defect was introduced by original developer Who is at fault/liable? Could risk to public have been reduced? 2

Outline of webinar Which software systems affect the health, safety and welfare of the public? What does it mean to offer software services directly to the public? What are the requirements for licensing software engineers? 3

Which systems affect the health, safety and welfare of the public? Typical domains medicine, transportation, infrastructure, commerce, finance Typical applications implantable medical devices, automobiles, elevators, power systems, financial and health record management systems Less-obvious entertainment e.g. amusement park ride consumer goods e.g. microwave oven etc. 4

Critical IT infrastructures telecommunication infrastructure water supply electrical power system oil and gas road transportation railway transportation air transportation banking and financial services public safety services healthcare system administration and public services Based on a US Congress document on critical infrastructures identification (Moteff and Parfomak, 2004) 5

Examples Critical Drone aircraft Hot pizza vending machine Robot surgery Medical records system Pension management system Nuclear power plant Non critical Remote controlled model airplane Soda vending machine Automated tattoo machine Medical appointment selfregistration system Online stock trading system Wind power generator 6

Security and vulnerability Increased connectivity through handheld devices, smart homes, smart cars, wireless enabled devices increases attack surface Apps and plug-ins available to the public Vulnerabilities inadvertently created or deliberately planted Security must be built into quality processes education certification licensure 7

Have there really been many failures? ACM Forum On Risks To The Public In Computers And Related Systems, http://catless.ncl.ac.uk/risks Lists thousands of software failures 1985-present voluntarily reported failures whistleblowers examining corporate documents newspaper stories lawsuits privately settled cases government announcements Many are of critical infrastructures Some include injury and loss of life 8

Licensure The goal of a software engineer is to retire without having caused any major catastrophe. Dilbert Licensure demonstrates minimum competency in a discipline States license doctors, nurses, accountants, lawyers, engineers ( barbers, plumbers, tattoo artists, etc.) Certification (e.g. CSDP, CISSP, PMP) is voluntary, licensing is mandatory 9

Why licensure? What does involved mean? States require licensure of certain engineers to ensure that any practitioner is at least minimally competent Intent is to protect the public from injurious consequences of incompetent engineers Licensure is required if the engineer is involved in building a system whose failure could cause significant harm is offering his services directly to the public and not through a corporation, or government entity 10

Who would need a license? Would all software engineers need to be licensed? No, only those providing their services directly to the public Would all software have to be developed or supervised by licensed software engineers? no, only software that has an impact on the lives, property, economy, or security of people Licensing software engineers isn t a once-in-alifetime event Engineers must renew their licenses annually and may be subject to mandatory continuous professional development 11 Source: Krutchten, 2009

How does licensing software engineers help? Raising the level of professionalism Creating a system of accountability Creating trust and confidence in the public Qualifying expert witnesses But. only a small percentage of software professionals will need to be licensed 12

Organizations involved in licensure effort NCEES NSPE IEEE USA IEEE Computer Society Texas Board of Professional Engineers Prometric 13

Licensure requirements Bachelor s degree in software engineering from an ABET-accredited program (21 in US) Fundamentals of Engineering (FE) exam Applicable, supervised work experience (typically, at least four years) Principles and Practices of Software Engineering (P&P) exam Evidence of good moral character Continuing education to retain licensure Requirements vary between states 14

Fundamentals of Engineering (FE) Exam 180 multiple-choice questions 8 hour test in two parts morning session-- same for all engineering disciplines 120 questions : mathematics, probability and statistics, chemistry, computers, ethics, business practice, economics, mechanics, strength of materials, material properties, fluid mechanics, electricity and magnetism, thermodynamics afternoon session -- same for software, electrical and computer engineers 60 questions : circuits, power, electromagnetics, control systems, communications, signal processing, electronics, digital systems, computer systems (programming) Reference materials allowed 15

Principles and Practices of Software Engineering Exam Designed to test minimal competence With appropriate degree With five years experience 80 questions, multiple choice Reference materials allowed Based on rigorous body of knowledge Reliable and valid 16

P&P exam: knowledge areas 17 % of exam # of items 1. Requirements 17.50 14 2. Design 13.75 11 3. Construction 11.25 9 4. Testing 12.50 10 5. Maintenance 7.50 6 6. Configuration Management 7.50 6 7. Engineering Processes 7.50 6 8. Quality Assurance 7.50 6 9. Safety, Security, and Privacy 15.00 12 Sample exam book available through IEEE store

Sample question Correct answer: C 18

19 Alternate Paths and Industrial Exceptions Educational requirements may be waived or replaced additional years of experience alternate degrees certifications? Many states have industrial exemptions allow the practice of engineering without licensure under certain conditions few states actually exempt many categories of engineers from licensure. E.g. engineering faculty are specifically exempt in just a handful of jurisdictions State and local government agencies are exempt from engineering licensure in only one jurisdiction Public utilities are specified in only 11 jurisdictions State boards need to be encouraged to reduce the number of exemptions

Current status of licensure Licensure hotly debated for years 1998 Texas began licensing software engineers through portfolio review Alabama, Delaware, Florida, Michigan, Missouri, New Mexico, New York, North Carolina, Texas and Virginia expressed interest in developing a Principles & Practices exam All other states and U.S. jurisdictions (District of Columbia, Puerto Rico, Guam) can offer exam First exam given April 2013 Second exam given April 2014 20

States Offering SW PE Exam in 2013* Alabama Arkansas Colorado Florida Georgia Indiana Iowa Kansas Kentucky Louisiana Maine Michigan Minnesota Mississippi Missouri 21 *10 more in 2014 Nebraska New Hampshire New Mexico North Carolina North Dakota Oklahoma South Carolina South Dakota Tennessee Texas Utah Vermont West Virginia Wyoming

Implementation issues Defining the penumbra -- to which systems should licensure statutes apply? How do we treat the chain of interactions, custody and responsibility for interacting systems? What roles can licensed professional engineers play? What artifacts should be sealed by the PE; and what roles can non-pe software professionals play? 22

Third party components Treatment of software components produced in other countries open source communities states where licensure is not required entities that are not transparent (e.g. classified organizations)? Answer: same as other engineering disciplines e.g. licensed civil engineers spec steel produced in another country Same in other professions Nurses Accountants Physicians 23

International perspective Canada, UK, Ireland, Australia, New Zealand have some kind of licensure (or chartered engineer). Building blocks for international recognition of licensure (e.g. Bologna Accord, Washington Accord) Issues of cross border practice, forum for dispute resolution, etc. Is software engineering practiced differently around the world? 24

Objections to licensure Only passing a test? path is much more already detailed The Fundamentals of Engineering exam is irrelevant concepts of material properties, fluid mechanics and thermodynamics are relevant to a software engineer working on water treatment, power generation and distribution, or road and railway systems. The subject exam is irrelevant Professional knowledge and activities determined through same rigorous development process that is used for subject matter exams in other professions 25

Objections to licensure -- II Few software systems have failed we are only beginning to understand the complex interactions of systems of (software) systems ubiquity of embedded software Libertarian arguments must consider other licensed professions I should be licensed alternate paths to licensure Drives jobs overseas Will do the opposite 26

Going Forward A very small percentage of software professionals will have to be licensed Most electrical and mechanical engineers are not licensed, nor need to be, yet the path to licensure exists for them. Licensure as a competitive advantage companies and individuals For those who are working on systems that will be within the penumbra, licensing will be mandatory For most software professionals, a path to licensure exists 27

Going forward II States need to: promote the benefits of licensing software engineers include licensing provisions in RFPs For appropriate infrastructure projects State professional engineer licensing boards need help: understanding software implementation understanding the penumbra developing alternative paths to licensure creating grandfathering criteria refining the set of industrial exemptions 28

Summary Should licensure be required? are you willing to take personal risk on a software engineering decision? PEs stake their reputations, treasure, livelihood, and freedom risk tends to raise the standards of decision making Licensing does not prevent failures licensed doctors kill patients through malpractice licensed software engineers will introduce defects into software that can harm the public Licensure raises the standard of practice provide assurance to the public of minimal competency leads to safer, more secure, and more reliable software systems Need to better understand how to allocate responsibility and risk 29

Summary continued 30 Software, safety and reliability engineers and lawyers need to conduct further research leading to a comprehensive system for identification of licensable systems, that is, systems under which licensure laws apply a technical and legal framework for modeling systems interactions for the purposes of fairly assigning responsibility for failure a strategy for safely using third party furnished components

Questions? Contact: plaplante@psu.edu

Relevant Publications Phillip A. Laplante, Misconceptions About Licensing Software Engineers, The Institute, November 25, 2013 Phillip A. Laplante, Answers to FAQs about Software Licensing, The Institute, February 3, 2013. Phillip A. Laplante, Beth Kalinowski, Mitchell Thornton, "A Principles and Practices Exam Specification to Support Software Engineering Licensure in the United States of America," Software Quality Professional, vol. 15, no. 1, January, 2013, pp. 4-15. Phillip A. Laplante, "Safe and Secure Software Systems: The Role of Professional Licensure, "IT Professional, vol. 14, no. 6, 2012, pp. 51-53. P. A. Laplante, "An International Perspective on U.S. Licensure of Software Engineers, "Technology and Society, vol.32, no.1, pp.28-30, Spring 2013 32